You are previewing Network Security Bible, 2nd Edition.
O'Reilly logo
Network Security Bible, 2nd Edition

Book Description

The comprehensive A-to-Z guide on network security, fully revised and updated

Network security is constantly evolving, and this comprehensive guide has been thoroughly updated to cover the newest developments. If you are responsible for network security, this is the reference you need at your side.

Covering new techniques, technology, and methods for approaching security, it also examines new trends and best practices being used by many organizations. The revised Network Security Bible complements the Cisco Academy course instruction in networking security.

  • Covers all core areas of network security and how they interrelate

  • Fully revised to address new techniques, technology, and methods for securing an enterprise worldwide

  • Examines new trends and best practices in use by organizations to secure their enterprises

  • Features additional chapters on areas related to data protection/correlation and forensics

  • Includes cutting-edge topics such as integrated cybersecurity and sections on Security Landscape, with chapters on validating security, data protection, forensics, and attacks and threats

If you need to get up to date or stay current on network security, Network Security Bible, 2nd Edition covers everything you need to know.

Table of Contents

  1. Copyright
  2. About the Author
  3. About the Technical Editor
  4. Credits
  5. Acknowledgments
  6. Introduction
    1. The Goal of This Book
    2. How to Use This Book
      1. Use as a comprehensive tutorial on the field of network security
      2. Use as a "how to" manual for implementing network security
      3. Use as a Reference Document for the Information and Network Security Practitioner
      4. Use as a guide for planning future network security issues and projects
    3. Who Should Read This Book
    4. How This Book Is Organized
      1. Part I: Network Security Landscape
      2. Part II: Security Principles and Practices
      3. Part III: Operating Systems and Applications
      4. Part IV: Network Security Fundamentals
      5. Part V: Communication
      6. Part VI: The Security Threat and Response
      7. Part VII: Integrated Cyber Security
      8. Conventions and Features
        1. Tips, Notes, and Cautions
    5. Where To Go From Here
  7. I. Network Security Landscape
    1. 1. State of Network Security
      1. 1.1. Cyber Security
        1. 1.1.1. Defining risk
        2. 1.1.2. Background: How did We Get to this Point?
        3. 1.1.3. Moving beyond reactive security
        4. 1.1.4. Trends
        5. 1.1.5. Key characteristics of attacks
          1. 1.1.5.1. Attacks are growing dramatically
          2. 1.1.5.2. Threats are more sophisticated
          3. 1.1.5.3. Knowns outnumbered by unknowns
          4. 1.1.5.4. Current Approach Ineffective
      2. 1.2. Summary
    2. 2. New Approaches to Cyber Security
      1. 2.1. General Trends
        1. 2.1.1. Overview of security breaches
        2. 2.1.2. Current state of security
        3. 2.1.3. Boundless nature of the internet
        4. 2.1.4. Type of attacks
          1. 2.1.4.1. Active attacks
          2. 2.1.4.2. Passive attacks
        5. 2.1.5. New Way of Thinking
        6. 2.1.6. Overview of General Security Principles
      2. 2.2. The Changing Face of Cyber Security
      3. 2.3. Summary
    3. 3. Interfacing with the Organization
      1. 3.1. An Enterprise Security Methodology
        1. 3.1.1. The methodology
      2. 3.2. Key Questions to Manage Risk
      3. 3.3. Summary
  8. II. Security Principles and Practices
    1. 4. Information System Security Principles
      1. 4.1. Key Principles of Network Security
        1. 4.1.1. Confidentiality
        2. 4.1.2. Integrity
        3. 4.1.3. Availability
        4. 4.1.4. Other Important Terms
      2. 4.2. Formal Processes
        1. 4.2.1. The Systems Engineering Process
        2. 4.2.2. The Information Assurance Technical Framework
          1. 4.2.2.1. Defense-in-Depth
            1. 4.2.2.1.1. People
            2. 4.2.2.1.2. Technology
            3. 4.2.2.1.3. Operations
          2. 4.2.2.2. Systems Engineering Processes
        3. 4.2.3. The Information Systems Security Engineering Process
          1. 4.2.3.1. Discover Information Protection Needs
          2. 4.2.3.2. Define System Security Requirements
          3. 4.2.3.3. Design System Security Architecture
          4. 4.2.3.4. Develop Detailed Security Design
          5. 4.2.3.5. Implement System Security
          6. 4.2.3.6. Assess Information Protection Effectiveness
        4. 4.2.4. The systems development life cycle
          1. 4.2.4.1. Initiation
          2. 4.2.4.2. Development/Acquisition
          3. 4.2.4.3. Implementation
          4. 4.2.4.4. Operation/Maintenance
          5. 4.2.4.5. Disposal
        5. 4.2.5. Information Systems Security and the SDLC
          1. 4.2.5.1. Generally accepted principles for securing information technology
          2. 4.2.5.2. Common Practices for Securing Information Technology
          3. 4.2.5.3. Engineering Principles for Information Technology Security
          4. 4.2.5.4. Information System Development Cycle
      3. 4.3. Risk Management
        1. 4.3.1. Definitions
          1. 4.3.1.1. Risk
          2. 4.3.1.2. Threat
          3. 4.3.1.3. Threat-source
          4. 4.3.1.4. Vulnerability
          5. 4.3.1.5. Impact
        2. 4.3.2. Risk Management and the SDLC
          1. 4.3.2.1. Risk Assessment
            1. 4.3.2.1.1. System Characterization
            2. 4.3.2.1.2. Threat Identification
            3. 4.3.2.1.3. Vulnerability Identification
            4. 4.3.2.1.4. Control Analysis
            5. 4.3.2.1.5. Likelihood Determination
            6. 4.3.2.1.6. Impact Analysis
            7. 4.3.2.1.7. Risk Determination
            8. 4.3.2.1.8. Control Recommendations
            9. 4.3.2.1.9. Results Documentation
          2. 4.3.2.2. Risk Mitigation
            1. 4.3.2.2.1. Risk Mitigation Options
            2. 4.3.2.2.2. Categories of Controls
          3. 4.3.2.3. Evaluation and Assessment
      4. 4.4. Calculating and Managing Risk
      5. 4.5. Summary
    2. 5. Information System Security Management
      1. 5.1. Security Policies
        1. 5.1.1. Senior Management Policy Statement
          1. 5.1.1.1. Advisory Policies
          2. 5.1.1.2. Regulatory Policies
          3. 5.1.1.3. Informative Policies
          4. 5.1.1.4. U.S. Government Policy Types
        2. 5.1.2. Standards, Guidelines, Procedures, and Baselines
      2. 5.2. Security Awareness
        1. 5.2.1. Training
        2. 5.2.2. Measuring Awareness
      3. 5.3. Managing the Technical Effort
        1. 5.3.1. Program Manager
        2. 5.3.2. Program Management Plan
        3. 5.3.3. Systems Engineering Management Plan
          1. 5.3.3.1. Statement of Work
          2. 5.3.3.2. Work Breakdown Structure
          3. 5.3.3.3. Technical Performance Measurement
          4. 5.3.3.4. Test and Evaluation Master Plan
      4. 5.4. Configuration Management
        1. 5.4.1. Primary Functions of Configuration Management
        2. 5.4.2. Definitions and Procedures
          1. 5.4.2.1. Configuration Identification
          2. 5.4.2.2. Configuration Control
          3. 5.4.2.3. Configuration status accounting
          4. 5.4.2.4. Configuration Auditing
          5. 5.4.2.5. Documentation change control
      5. 5.5. Business Continuity and Disaster Recovery Planning
        1. 5.5.1. Business continuity planning
          1. 5.5.1.1. Business continuity planning goals and process
            1. 5.5.1.1.1. Scope and Plan Initiation
            2. 5.5.1.1.2. Business Impact Assessment
            3. 5.5.1.1.3. Business Continuity Plan Development
            4. 5.5.1.1.4. Plan approval and implementation
          2. 5.5.1.2. Roles and responsibilities
        2. 5.5.2. Disaster recovery planning
          1. 5.5.2.1. Goals
          2. 5.5.2.2. Disaster recovery process
            1. 5.5.2.2.1. Developing the disaster recovery plan
            2. 5.5.2.2.2. Determining recovery time objectives
          3. 5.5.2.3. Establishing backup sites
          4. 5.5.2.4. Plan testing
          5. 5.5.2.5. Implementing the Plan
      6. 5.6. Physical Security
        1. 5.6.1. Controls
          1. 5.6.1.1. Physical Controls
          2. 5.6.1.2. Technical Controls
            1. 5.6.1.2.1. Smart Cards
            2. 5.6.1.2.2. Biometric Devices
          3. 5.6.1.3. Administrative Controls
            1. 5.6.1.3.1. Administrative Personnel Controls
            2. 5.6.1.3.2. Facility Planning
            3. 5.6.1.3.3. Facility Security Management
        2. 5.6.2. Environmental Issues
          1. 5.6.2.1. Electrical Power
          2. 5.6.2.2. Humidity
        3. 5.6.3. Fire Suppression
          1. 5.6.3.1. Fire Extinguishing Systems
        4. 5.6.4. Object reuse and data remanence
      7. 5.7. Legal and Liability Issues
        1. 5.7.1. Types of Computer Crime
        2. 5.7.2. Electronic Monitoring
        3. 5.7.3. Liability
      8. 5.8. Summary
    3. 6. Access Control
      1. 6.1. Control Models
        1. 6.1.1. Discretionary Access Control
        2. 6.1.2. Mandatory access control
        3. 6.1.3. Non-discretionary access control
      2. 6.2. Types of Access Control Implementations
        1. 6.2.1. Preventive/administrative
        2. 6.2.2. Preventive/technical
        3. 6.2.3. Preventive/physical
        4. 6.2.4. Detective/administrative
        5. 6.2.5. Detective/technical
        6. 6.2.6. Detective/physical
        7. 6.2.7. Centralized/decentralized access controls
      3. 6.3. Identification and Authentication
        1. 6.3.1. Passwords
        2. 6.3.2. Biometrics
        3. 6.3.3. Single Sign-On
          1. 6.3.3.1. Kerberos
          2. 6.3.3.2. SESAME
          3. 6.3.3.3. KryptoKnight
      4. 6.4. Databases
        1. 6.4.1. Relational databases
          1. 6.4.1.1. Example relational database operations
          2. 6.4.1.2. Data Normalization
        2. 6.4.2. Other Database Types
          1. 6.4.2.1. Object-oriented databases
          2. 6.4.2.2. Object-relational Databases
      5. 6.5. Remote Access
        1. 6.5.1. RADIUS
        2. 6.5.2. TACACS and TACACS+
        3. 6.5.3. Password Authentication Protocol
        4. 6.5.4. Challenge Handshake Authentication Protocol
      6. 6.6. Summary
    4. 7. Attacks and Threats
      1. 7.1. Malicious Code
        1. 7.1.1. Viruses
      2. 7.2. Review of Common Attacks
        1. 7.2.1. Denial-of-service (DoS)
        2. 7.2.2. Back door
        3. 7.2.3. Spoofing
        4. 7.2.4. Man in the middle
        5. 7.2.5. Replay
        6. 7.2.6. TCP/Hijacking
        7. 7.2.7. Fragmentation attacks
        8. 7.2.8. Weak keys
        9. 7.2.9. Mathematical attacks
        10. 7.2.10. Social engineering
        11. 7.2.11. Port scanning
        12. 7.2.12. Dumpster diving
        13. 7.2.13. Birthday attacks
        14. 7.2.14. Password guessing
          1. 7.2.14.1. Brute force
          2. 7.2.14.2. Dictionary attack
        15. 7.2.15. Software exploitation
        16. 7.2.16. Inappropriate system use
        17. 7.2.17. Eavesdropping
        18. 7.2.18. War driving
        19. 7.2.19. TCP sequence number attacks
        20. 7.2.20. War-dialing/demon-dialing attacks
      3. 7.3. External Attack Methodologies Overview
        1. 7.3.1. Distributed denial-of-service attacks (DDoS)
          1. 7.3.1.1. TCP SYN flood attacks
          2. 7.3.1.2. Smurf IP attack
          3. 7.3.1.3. Ping of Death
          4. 7.3.1.4. Botnets
        2. 7.3.2. Targeted hacks/espionage
          1. 7.3.2.1. Intelligence gathering
          2. 7.3.2.2. Active scanning
          3. 7.3.2.3. Exploitation
          4. 7.3.2.4. Maintaining access
      4. 7.4. Internal Threat Overview
        1. 7.4.1. Unintentional filesharing
        2. 7.4.2. Device loss and theft
      5. 7.5. Summary
  9. III. Operating Systems and Applications
    1. 8. Windows Security
      1. 8.1. Windows Security at the Heart of the Defense
        1. 8.1.1. Who would target an organization?
        2. 8.1.2. Be afraid...
        3. 8.1.3. Microsoft recommendations
      2. 8.2. Out-of-the-Box Operating System Hardening
        1. 8.2.1. Prior to system hardening
        2. 8.2.2. The general process of system hardening
        3. 8.2.3. Windows vulnerability protection
          1. 8.2.3.1. Off-the-shelf Products
          2. 8.2.3.2. Academic technologies/ideas
            1. 8.2.3.2.1. Rearranging stack data locations
            2. 8.2.3.2.2. Adding System Calls to the Operating System
            3. 8.2.3.2.3. Use of Canary Values to Indicate Changes
            4. 8.2.3.2.4. Use of safer library calls
        4. 8.2.4. Windows 2003 New Installation Example
        5. 8.2.5. Windows Quick-start Hardening Tips
          1. 8.2.5.1. Apply patches and service packs
          2. 8.2.5.2. Remove file and print sharing
          3. 8.2.5.3. Port Blocking
          4. 8.2.5.4. Implement strong passwords
          5. 8.2.5.5. Disable unneeded services
          6. 8.2.5.6. Remove Unneeded Windows Components
          7. 8.2.5.7. Run Security Template
        6. 8.2.6. Specifics of system hardening
          1. 8.2.6.1. Do not use AUTORUN
          2. 8.2.6.2. File permissions
          3. 8.2.6.3. The Registry
          4. 8.2.6.4. File allocation table security
          5. 8.2.6.5. User groups rights
          6. 8.2.6.6. Create or edit user level accounts
          7. 8.2.6.7. Use good passwords
        7. 8.2.7. Securing the Typical Windows Business Workstation
        8. 8.2.8. Securing the Typical Windows Home System
      3. 8.3. Installing Applications
        1. 8.3.1. Antivirus protection
        2. 8.3.2. Personal firewalls
        3. 8.3.3. Secure Shell
        4. 8.3.4. Secure FTP
        5. 8.3.5. Pretty Good Privacy
      4. 8.4. Putting the Workstation on the Network
        1. 8.4.1. Test the hardened workstation
        2. 8.4.2. Physical security
        3. 8.4.3. Architecture
        4. 8.4.4. Firewall
        5. 8.4.5. Intrusion detection systems
      5. 8.5. Operating Windows Safely
        1. 8.5.1. Separate risky behavior
        2. 8.5.2. Physical security issues
          1. 8.5.2.1. Secure the workstation when not in use
          2. 8.5.2.2. Keep strangers off your systems
        3. 8.5.3. Configuration issues
          1. 8.5.3.1. Use antivirus protection
          2. 8.5.3.2. Limit user rights
          3. 8.5.3.3. Manage user accounts
        4. 8.5.4. Configuration Control
          1. 8.5.4.1. Control users on the system
          2. 8.5.4.2. Use digital certificate technology
          3. 8.5.4.3. Know the software running on the workstation
        5. 8.5.5. Operating issues
          1. 8.5.5.1. Adhere to policies
          2. 8.5.5.2. Minimize use of administrator account
          3. 8.5.5.3. Enforce good data handling
          4. 8.5.5.4. Avoid Viruses, Worms, and Trojan Horses
          5. 8.5.5.5. Use Good Passwords
          6. 8.5.5.6. Limit the use of NetBIOS
          7. 8.5.5.7. Avoid NULL sessions
          8. 8.5.5.8. Conduct frequent backups
      6. 8.6. Upgrades and Patches
        1. 8.6.1. Keep current with microsoft upgrades and patches
        2. 8.6.2. Keep Current with Application Upgrades and Patches
        3. 8.6.3. Keep current with antivirus signatures
        4. 8.6.4. Use the Most Modern Windows Version
      7. 8.7. Maintain and Test the Security
        1. 8.7.1. Scan for vulnerabilities
        2. 8.7.2. Test questionable applications
        3. 8.7.3. Be sensitive to the performance of the system
        4. 8.7.4. Replace old Windows systems
        5. 8.7.5. Periodically re-evaluate and rebuild
        6. 8.7.6. Monitoring
        7. 8.7.7. Logging and auditing
        8. 8.7.8. Clean up the system
        9. 8.7.9. Prepare for the eventual attack
      8. 8.8. Attacks Against the Windows Workstation
        1. 8.8.1. Viruses
        2. 8.8.2. Worms
        3. 8.8.3. Trojan horses
        4. 8.8.4. Spyware and ad support
        5. 8.8.5. Spyware and 'Big Brother'
        6. 8.8.6. Physical attacks
        7. 8.8.7. TEMPEST attacks
        8. 8.8.8. Back Doors
        9. 8.8.9. Denial-of-service attacks
        10. 8.8.10. File extensions
        11. 8.8.11. Packet sniffing
        12. 8.8.12. Hijacking and session replay
        13. 8.8.13. Social engineering
      9. 8.9. Summary
    2. 9. UNIX and Linux Security
      1. 9.1. The Focus of UNIX/Linux Security
        1. 9.1.1. UNIX as a target
          1. 9.1.1.1. Open source
          2. 9.1.1.2. Easy-to-obtain operating system
          3. 9.1.1.3. Network and development tools
          4. 9.1.1.4. Information Exchange
        2. 9.1.2. UNIX/Linux as a poor target
          1. 9.1.2.1. Many versions and builds
          2. 9.1.2.2. Expert users
          3. 9.1.2.3. Scripts not as easily run
          4. 9.1.2.4. File ownership
        3. 9.1.3. Open source issues
      2. 9.2. Physical Security
        1. 9.2.1. Limiting access
        2. 9.2.2. Detecting hardware changes
        3. 9.2.3. Disk partitioning
        4. 9.2.4. Prepare for the eventual attack
      3. 9.3. Controlling the Configuration
        1. 9.3.1. Installed packages
        2. 9.3.2. Kernel configurations
          1. 9.3.2.1. Kernel options
          2. 9.3.2.2. Kernel Modules
          3. 9.3.2.3. System calls
          4. 9.3.2.4. /proc File System
      4. 9.4. Operating UNIX Safely
        1. 9.4.1. Controlling processes
          1. 9.4.1.1. Services to avoid
          2. 9.4.1.2. Useful Services
          3. 9.4.1.3. Uncommon services
          4. 9.4.1.4. Detecting services
            1. 9.4.1.4.1. The ps command
            2. 9.4.1.4.2. The netstat Command
            3. 9.4.1.4.3. The nmap Command
          5. 9.4.1.5. Processes controlling processes
            1. 9.4.1.5.1. The init process
            2. 9.4.1.5.2. The xinetd process
            3. 9.4.1.5.3. The chkconfig command
            4. 9.4.1.5.4. The service command
        2. 9.4.2. Controlling users
          1. 9.4.2.1. File permissions
          2. 9.4.2.2. Set UID
          3. 9.4.2.3. Chroot
          4. 9.4.2.4. Root access
        3. 9.4.3. Encryption and certificates
          1. 9.4.3.1. GNU Privacy Guard
          2. 9.4.3.2. The Secure Shell program
      5. 9.5. Hardening UNIX
        1. 9.5.1. Configuration items
        2. 9.5.2. TCP wrapper
        3. 9.5.3. Checking strong passwords
        4. 9.5.4. Packet filtering with iptables
          1. 9.5.4.1. Blocking incoming traffic
          2. 9.5.4.2. Blocking outgoing traffic
          3. 9.5.4.3. Logging blocked traffic
          4. 9.5.4.4. Advanced blocking techniques
      6. 9.6. Summary
    3. 10. Web Browser and Client Security
      1. 10.1. Web Browser and Client Risk
        1. 10.1.1. Privacy vs. security
        2. 10.1.2. Web browser convenience
        3. 10.1.3. Web browser productivity and popularity
        4. 10.1.4. Web browser evolution
        5. 10.1.5. Web browser risks
        6. 10.1.6. Issues working against the attacker
      2. 10.2. How a Web Browser Works
        1. 10.2.1. HTTP, the browser protocol
        2. 10.2.2. Cookies
        3. 10.2.3. Maintaining state
        4. 10.2.4. Caching
        5. 10.2.5. Secure Socket Layer/ Transport Layer Security
          1. 10.2.5.1. A typical SSL session
          2. 10.2.5.2. SSL performance issues
      3. 10.3. Web Browser Attacks
        1. 10.3.1. Hijacking attack
        2. 10.3.2. Replay attack
        3. 10.3.3. Browser parasites
      4. 10.4. Operating Safely
        1. 10.4.1. Keeping current with patches
        2. 10.4.2. Avoiding viruses
        3. 10.4.3. Using secure sites
        4. 10.4.4. Securing the network environment
        5. 10.4.5. Using a secure proxy
        6. 10.4.6. Avoid using private data
        7. 10.4.7. General recommendations
      5. 10.5. Web Browser Configurations
        1. 10.5.1. Cookies
        2. 10.5.2. Plugins
          1. 10.5.2.1. ActiveX
          2. 10.5.2.2. Java
          3. 10.5.2.3. JavaScript
        3. 10.5.3. Netscape-specific issues
          1. 10.5.3.1. Encryption
          2. 10.5.3.2. Netscape cookies
          3. 10.5.3.3. History and cache
        4. 10.5.4. Internet Explorer-specific issues
          1. 10.5.4.1. General settings
          2. 10.5.4.2. Security settings
            1. 10.5.4.2.1. Internet
            2. 10.5.4.2.2. Local intranet
            3. 10.5.4.2.3. Trusted sites
            4. 10.5.4.2.4. Restricted sites
          3. 10.5.4.3. Privacy settings
          4. 10.5.4.4. Content settings
          5. 10.5.4.5. Advanced settings
          6. 10.5.4.6. Encryption
      6. 10.6. Summary
    4. 11. Web Security
      1. 11.1. What Is HTTP?
      2. 11.2. How Does HTTP Work?
        1. 11.2.1. HTTP implementation
        2. 11.2.2. Persistent connections
        3. 11.2.3. The client/server model
        4. 11.2.4. Put
        5. 11.2.5. Get
        6. 11.2.6. HTML
      3. 11.3. Server Content
        1. 11.3.1. CGI scripts
        2. 11.3.2. PHP pages
      4. 11.4. Client Content
        1. 11.4.1. JavaScript
        2. 11.4.2. Java
          1. 11.4.2.1. The sandbox and security
          2. 11.4.2.2. Types of Java Permissions
        3. 11.4.3. ActiveX
      5. 11.5. State
        1. 11.5.1. What is state?
        2. 11.5.2. How does it relate to HTTP?
        3. 11.5.3. What applications need state?
        4. 11.5.4. Tracking state
        5. 11.5.5. Cookies
          1. 11.5.5.1. How do they work?
          2. 11.5.5.2. Cookie security
          3. 11.5.5.3. Where are the cookies stored?
        6. 11.5.6. Web bugs
        7. 11.5.7. URL tracking
        8. 11.5.8. Hidden frames
        9. 11.5.9. Hidden fields
      6. 11.6. Attacking Web Servers
        1. 11.6.1. Account harvesting
          1. 11.6.1.1. Enumerating directories
          2. 11.6.1.2. Investigative searching
          3. 11.6.1.3. Faulty authorization
        2. 11.6.2. SQL injection
      7. 11.7. Web Services
        1. 11.7.1. Web service standards and protocols
        2. 11.7.2. Service transport
        3. 11.7.3. XML messaging
        4. 11.7.4. Service description
        5. 11.7.5. Service discovery
      8. 11.8. Summary
    5. 12. Electronic mail (E-mail) Security
      1. 12.1. The E-mail Risk
        1. 12.1.1. Data vulnerabilities
        2. 12.1.2. Simple e-mail vs. collaboration
          1. 12.1.2.1. Attacks involving malcode
          2. 12.1.2.2. Privacy data
          3. 12.1.2.3. Data integrity
            1. 12.1.2.3.1. E-mail man-in-the-middle attacks
            2. 12.1.2.3.2. E-mail replay attack
          4. 12.1.2.4. The bottom line
        3. 12.1.3. Spam
          1. 12.1.3.1. Spam DoS
          2. 12.1.3.2. Blacklisting
          3. 12.1.3.3. Spam filters
        4. 12.1.4. Maintaining e-mail confidentiality
        5. 12.1.5. Maintaining e-mail integrity
        6. 12.1.6. E-mail availability issues
      2. 12.2. The E-mail Protocols
        1. 12.2.1. SMTP
        2. 12.2.2. POP/POP3
        3. 12.2.3. IMAP
      3. 12.3. E-mail Authentication
        1. 12.3.1. Plain login
        2. 12.3.2. Login authentication
        3. 12.3.3. APOP
        4. 12.3.4. NTLM/SPA
        5. 12.3.5. +OK logged onPOP before SMTP
        6. 12.3.6. Kerberos and GSSAPI
      4. 12.4. Operating Safely When Using E-mail
        1. 12.4.1. Be paranoid
        2. 12.4.2. Mail client configurations
        3. 12.4.3. Application versions
        4. 12.4.4. Architectural considerations
        5. 12.4.5. SSH tunnel
          1. 12.4.5.1. Establish SSH session
          2. 12.4.5.2. Configure e-mail clients
          3. 12.4.5.3. SSH advantages and disadvantages
        6. 12.4.6. PGP and GPG
      5. 12.5. Summary
    6. 13. Domain Name System
      1. 13.1. DNS Basics
      2. 13.2. Purpose of DNS
        1. 13.2.1. Forward lookups
        2. 13.2.2. Reverse lookups
        3. 13.2.3. Handling Reverse Lookups
        4. 13.2.4. Alternative approaches to name resolution
      3. 13.3. Setting Up DNS
      4. 13.4. Security Issues with DNS
        1. 13.4.1. Misconfigurations
        2. 13.4.2. Zone transfers
          1. 13.4.2.1. Historical problems
          2. 13.4.2.2. Specifying transfer sites
          3. 13.4.2.3. TSIG for requiring certificates
          4. 13.4.2.4. DNS Security Extensions
          5. 13.4.2.5. Zone transfer alternatives
        3. 13.4.3. Predictable query Ids
        4. 13.4.4. Recursion and iterative queries
      5. 13.5. DNS Attacks
        1. 13.5.1. Simple DNS attacks
        2. 13.5.2. Cache poisoning
      6. 13.6. Designing DNS
        1. 13.6.1. Split DNS
        2. 13.6.2. Split-split DNS
      7. 13.7. Master Slave DNS
      8. 13.8. Detailed DNS Architecture
      9. 13.9. DNS SEC
        1. 13.9.1. Trust anchors and authentication chains
        2. 13.9.2. The DNS SEC lookup process
        3. 13.9.3. Advantages of DNS SEC
        4. 13.9.4. Disadvantages or shortfalls
        5. 13.9.5. How do we implement DNS SEC?
        6. 13.9.6. Scalability of DNS SEC with current internet standards
      10. 13.10. Summary
    7. 14. Server Security
      1. 14.1. General Server Risks
      2. 14.2. Security by Design
        1. 14.2.1. Maintain a security mindset
          1. 14.2.1.1. Risk-based security controls
          2. 14.2.1.2. Defense in depth
          3. 14.2.1.3. Keep it simple (and secure)
          4. 14.2.1.4. Respect the adversary
          5. 14.2.1.5. Security awareness
          6. 14.2.1.6. Business impact
        2. 14.2.2. Establishing a secure development environment
          1. 14.2.2.1. Management
          2. 14.2.2.2. Configuration Control Board
          3. 14.2.2.3. Network support for development
        3. 14.2.3. Secure development practices
          1. 14.2.3.1. Handling data
          2. 14.2.3.2. Keeping code clean
          3. 14.2.3.3. Choosing the language
          4. 14.2.3.4. Input validation and content injection
            1. 14.2.3.4.1. Cross-site scripting
            2. 14.2.3.4.2. SQL injection
            3. 14.2.3.4.3. Stored procedures
            4. 14.2.3.4.4. Dynamic scripting
            5. 14.2.3.4.5. Screen for all unusual input
          5. 14.2.3.5. Use encryption
        4. 14.2.4. Test, test, test
      3. 14.3. Operating Servers Safely
        1. 14.3.1. Controlling the server configuration
          1. 14.3.1.1. Physical security of the system
          2. 14.3.1.2. Minimizing services
          3. 14.3.1.3. System backups
        2. 14.3.2. Controlling users and access
        3. 14.3.3. Passwords
        4. 14.3.4. Monitoring, auditing, and logging
      4. 14.4. Server Applications
        1. 14.4.1. Data sharing
          1. 14.4.1.1. FTP servers
          2. 14.4.1.2. LDAP
        2. 14.4.2. Peer to peer
        3. 14.4.3. Instant messaging and chat
      5. 14.5. Multi-Level Security and Digital Rights Management
        1. 14.5.1. Background
        2. 14.5.2. The challenges of information control
        3. 14.5.3. Building systems for information control
      6. 14.6. Summary
  10. IV. Network Security Fundamentals
    1. 15. Network Protocols
      1. 15.1. Protocols
      2. 15.2. The Open Systems Interconnect Model
      3. 15.3. The OSI Layers
        1. 15.3.1. The Application layer
        2. 15.3.2. The Presentation layer
        3. 15.3.3. The Session layer
        4. 15.3.4. The Transport layer
        5. 15.3.5. The Network layer
        6. 15.3.6. The Data Link layer
        7. 15.3.7. The Physical layer
      4. 15.4. The TCP/IP Model
      5. 15.5. TCP/IP Model Layers
      6. 15.6. Internet Protocol
        1. 15.6.1. History of the Internet Protocol
        2. 15.6.2. CIDR
        3. 15.6.3. NAT
        4. 15.6.4. IPv6 solution
          1. 15.6.4.1. IPv6 multicast
          2. 15.6.4.2. IPv6 anycast
          3. 15.6.4.3. IPv6 address autoconfiguration
          4. 15.6.4.4. IPv6 transition
          5. 15.6.4.5. IPv6 header
        5. 15.6.5. IPv7 and IPv8 solutions
      7. 15.7. VoIP
        1. 15.7.1. Using VoIP
          1. 15.7.1.1. ATA
          2. 15.7.1.2. IP phones
          3. 15.7.1.3. Computer to computer
        2. 15.7.2. The standard phone system: Circuit switching
        3. 15.7.3. VoIP uses packet switching
        4. 15.7.4. Deciding to use VoIP
        5. 15.7.5. Security issues
        6. 15.7.6. Risk factors
        7. 15.7.7. Network design
        8. 15.7.8. Use of softphones vs. hardware phones
        9. 15.7.9. Voice and data crossover requirements
        10. 15.7.10. VoIP server environments
        11. 15.7.11. VoIP protocols
          1. 15.7.11.1. Session-Initiated Protocol
          2. 15.7.11.2. H.323
      8. 15.8. Summary
    2. 16. Wireless Security
      1. 16.1. Electromagnetic Spectrum
      2. 16.2. The Cellular Phone Network
      3. 16.3. Placing a Cellular Telephone Call
        1. 16.3.1. Cellular network evolution and transition to 4G
        2. 16.3.2. System infrastructure
        3. 16.3.3. Location discovery and handoff
        4. 16.3.4. Synergy between local area and cellular networks
        5. 16.3.5. Fault tolerance and network security
      4. 16.4. Wireless Transmission Systems
        1. 16.4.1. Time Division Multiple Access
        2. 16.4.2. Frequency Division Multiple Access
        3. 16.4.3. Code Division Multiple Access
        4. 16.4.4. Wireless transmission system types
          1. 16.4.4.1. Advanced Mobile Phone System
        5. 16.4.5. Global System for Mobile Communications
          1. 16.4.5.1. Cellular Digital Packet Data
          2. 16.4.5.2. Personal Digital Cellular
          3. 16.4.5.3. Total Access Communication System
          4. 16.4.5.4. Nordic Mobile Telephone
          5. 16.4.5.5. International Mobile Telephone Standard 2000
          6. 16.4.5.6. Universal Mobile Telecommunications Systems
      5. 16.5. Pervasive Wireless Data Network Technologies
        1. 16.5.1. Spread spectrum
        2. 16.5.2. Spread spectrum basics
          1. 16.5.2.1. Direct sequence spread spectrum
          2. 16.5.2.2. Frequency Hopping Spread Spectrum
          3. 16.5.2.3. Orthogonal Frequency Division Multiplexing
      6. 16.6. IEEE Wireless LAN Specifications
        1. 16.6.1. The PHY layer
        2. 16.6.2. The MAC layer
      7. 16.7. IEEE 802.11
        1. 16.7.1. Wireless channels
        2. 16.7.2. Deployment and management
        3. 16.7.3. Operational features
      8. 16.8. IEEE 802.11 Wireless Security
        1. 16.8.1. The wireless network security stack
          1. 16.8.1.1. Physical security and Wired Equivalent Privacy
          2. 16.8.1.2. Extensible Authentication Protocol
          3. 16.8.1.3. Key management
          4. 16.8.1.4. Lightweight Extensible Authentication Protocol
          5. 16.8.1.5. Tunneled TLS and Protected Extensible Authentication Protocol
          6. 16.8.1.6. Wireless WAN security
        2. 16.8.2. WEP
          1. 16.8.2.1. WEP open authentication
          2. 16.8.2.2. WEP shared key authentication
        3. 16.8.3. WEP security upgrades
          1. 16.8.3.1. 802.1X authentication
          2. 16.8.3.2. Temporal Key Integrity Protocol
          3. 16.8.3.3. Per-packet mixing function
          4. 16.8.3.4. IV sequencing discipline
            1. 16.8.3.4.1. Message Integrity Codes against forgery
          5. 16.8.3.5. Rekeying against key reuse
        4. 16.8.4. 802.11i
          1. 16.8.4.1. AES Counter and Cipher-Block Chaining modes
          2. 16.8.4.2. Application of AES in 802.11i
          3. 16.8.4.3. Additional 802.11i capabilities
          4. 16.8.4.4. Tools for testing and security wireless
      9. 16.9. Bluetooth
      10. 16.10. Wireless Application Protocol
      11. 16.11. Future of Wireless
        1. 16.11.1. Broadband wireless–Wimax
        2. 16.11.2. WiMax and 3G cellular technologies
        3. 16.11.3. Beyond the future: IEEE 802.20
      12. 16.12. Summary
    3. 17. Network Architecture Fundamentals
      1. 17.1. Network Segments
        1. 17.1.1. Public networksxs
        2. 17.1.2. Semi-private networks
        3. 17.1.3. Private networks
      2. 17.2. Perimeter Defense
      3. 17.3. Network Address Translation
      4. 17.4. Basic Architecture Issues
      5. 17.5. Subnetting, Switching, and VLANs
      6. 17.6. Address Resolution Protocol and Media Access Control
      7. 17.7. Dynamic Host Configuration Protocol and Addressing Control
      8. 17.8. Zero Configuration Networks
        1. 17.8.1. Details of zero configuration networks
        2. 17.8.2. What is required for zero configuration networks?
        3. 17.8.3. When should zero configuration networks be used?
        4. 17.8.4. When should zero configuration networks not be used?
        5. 17.8.5. Security issues with zero configuration networks
        6. 17.8.6. Ways to exploit zero configuration networks
      9. 17.9. System Design and Architecture Against Insider Threats
        1. 17.9.1. Architecture and design
      10. 17.10. Common Attacks
      11. 17.11. Summary
    4. 18. Firewalls
      1. 18.1. Firewalls
        1. 18.1.1. Packet-filtering firewalls
        2. 18.1.2. Stateful packet filtering
        3. 18.1.3. Proxy firewalls
        4. 18.1.4. Disadvantages of firewalls
      2. 18.2. Firewall rules
        1. 18.2.1. Tiered architecture
        2. 18.2.2. Multiple entry points
        3. 18.2.3. Automated modification of rules
        4. 18.2.4. Products for Managing Multiple Heterogeneous Rulesets
        5. 18.2.5. Policy conflict examples in tiered architectures
      3. 18.3. The Use of Personal Firewalls
        1. 18.3.1. Corporate vs. home firewalls
        2. 18.3.2. Iptables
          1. 18.3.2.1. Blocking incoming traffic
          2. 18.3.2.2. Blocking outgoing traffic
          3. 18.3.2.3. Logging blocked traffic
          4. 18.3.2.4. Advanced blocking techniques
      4. 18.4. Summary
    5. 19. Intrusion Detection/Prevention
      1. 19.1. Intrusion Detection Systems
        1. 19.1.1. Types of intrusion detection systems
          1. 19.1.1.1. Host-based intrusion detection systems
          2. 19.1.1.2. Network-based intrusion detection systems
          3. 19.1.1.3. Intrusion prevention systems
        2. 19.1.2. Methods and modes of intrusion detection
          1. 19.1.2.1. Anomaly detection
          2. 19.1.2.2. Pattern matching or misuse detection
          3. 19.1.2.3. Detection issues
      2. 19.2. Responses to Intrusion Detection
      3. 19.3. Emerging Technologies in Intrusion Detection Systems
        1. 19.3.1. Packet inspection methods
        2. 19.3.2. Current packet inspection methods
        3. 19.3.3. Emerging packet inspection methods
          1. 19.3.3.1. Standards compliance
          2. 19.3.3.2. Protocol anomaly detection
          3. 19.3.3.3. Detecting malicious data
          4. 19.3.3.4. Controlling operations
          5. 19.3.3.5. Content matching
        4. 19.3.4. Emerging security architecture and hardware
        5. 19.3.5. Next generation packet inspection
          1. 19.3.5.1. What's next in anomaly detection?
          2. 19.3.5.2. Intrusion prevention
      4. 19.4. Summary
  11. V. Communication
    1. 20. Secret Communication
      1. 20.1. What is Cryptography?
        1. 20.1.1. Why is crypto important?
          1. 20.1.1.1. When is crypto good?
          2. 20.1.1.2. When is crypto bad?
        2. 20.1.2. Goals of Cryptography
          1. 20.1.2.1. Confidentiality
          2. 20.1.2.2. Integrity
          3. 20.1.2.3. Availability
        3. 20.1.3. Sub-goals
          1. 20.1.3.1. Authentication
          2. 20.1.3.2. Non-repudiation
      2. 20.2. General Terms
      3. 20.3. Principles of Cryptography
        1. 20.3.1. You can't prove something is secure, only that it's not secure
        2. 20.3.2. Algorithms and implementations aren't the same
        3. 20.3.3. Never trust proprietary algorithms
        4. 20.3.4. Strength of algorithm is based on secrecy of the key, not the algorithm
        5. 20.3.5. Cryptography is more than SSL
        6. 20.3.6. Cryptography must be built in – like electricity
        7. 20.3.7. All cryptography is crackable; it's just a matter of time
        8. 20.3.8. Secure today does not mean secure tomorrow
      4. 20.4. Historic Cryptography
        1. 20.4.1. Substitution ciphers
          1. 20.4.1.1. Vigenere cipher
          2. 20.4.1.2. XOR and random number generators
        2. 20.4.2. Ciphers that shaped history
      5. 20.5. The Four Cryptographic Primitives
        1. 20.5.1. Random number generation
          1. 20.5.1.1. Algorithms for pseudorandom number generation
          2. 20.5.1.2. Using user input to generate numbers
          3. 20.5.1.3. Whitening functions
          4. 20.5.1.4. Cast Introduction
        2. 20.5.2. Symmetric Encryption
          1. 20.5.2.1. Stream ciphers
          2. 20.5.2.2. Block ciphers
          3. 20.5.2.3. Sharing keys
        3. 20.5.3. Asymmetric encryption (two-key encryption)
          1. 20.5.3.1. Using a certificate authority
          2. 20.5.3.2. Using a web of trust
        4. 20.5.4. Digital signatures
        5. 20.5.5. Hash functions
          1. 20.5.5.1. Keyed hash functions
      6. 20.6. Putting These Primitives Together to Achieve CIA
      7. 20.7. The Difference Between Algorithm and Implementation
        1. 20.7.1. Difference between cryptographic primitives and protocols
      8. 20.8. Proprietary Versus Open Source Algorithms
      9. 20.9. Attacks on Hash Functions
        1. 20.9.1. Attacks on MD4
        2. 20.9.2. Attacks on MD5
        3. 20.9.3. Attacks on SHA-0
        4. 20.9.4. Attacks on SHA-1
        5. 20.9.5. The future of hash functions
      10. 20.10. Quantum Cryptography
        1. 20.10.1. Quantum bits and quantum computation
          1. 20.10.1.1. Secure communication channel
          2. 20.10.1.2. Fast factoring of large composites
        2. 20.10.2. Passwords are obsolete
        3. 20.10.3. Pass phrases
          1. 20.10.3.1. Secure tokens
          2. 20.10.3.2. Biometrics
        4. 20.10.4. Malicious uses of encryption
          1. 20.10.4.1. Blackmail (encrypting a hard disk, then paying for it to be decrypted)
          2. 20.10.4.2. Encryption in worms
      11. 20.11. Summary
    2. 21. Covert Communication
      1. 21.1. Where Hidden Data Hides
      2. 21.2. Where Did It Come From?
      3. 21.3. Where Is It Going?
      4. 21.4. Overview of Steganography
        1. 21.4.1. Why do we need steganography?
        2. 21.4.2. Pros of steganography
        3. 21.4.3. Cons of steganography
        4. 21.4.4. Comparison to other technologiesxs
          1. 21.4.4.1. Trojan horses
          2. 21.4.4.2. Covert channels
          3. 21.4.4.3. Easter eggs
      5. 21.5. History of Steganography
        1. 21.5.1. Using steganography in the fight for the Roman Empire
        2. 21.5.2. Steganography during war
          1. 21.5.2.1. Hiding within ships
          2. 21.5.2.2. Using steganography in conjunction with the environment
      6. 21.6. Core Areas of Network Security and Their Relation to Steganography
        1. 21.6.1. Confidentiality
        2. 21.6.2. Integrity
        3. 21.6.3. Availability
        4. 21.6.4. Additional goals of steganography
          1. 21.6.4.1. Survivability
          2. 21.6.4.2. No detection
          3. 21.6.4.3. Visibility
      7. 21.7. Principles of Steganography
      8. 21.8. Steganography Compared to Cryptography
        1. 21.8.1. Protecting your ring example
        2. 21.8.2. Putting all of the pieces together
      9. 21.9. Types of Steganography
        1. 21.9.1. Original classification scheme
          1. 21.9.1.1. Insertion-based Steganography
          2. 21.9.1.2. Algorithmic-based steganography
          3. 21.9.1.3. Grammar-based steganography
        2. 21.9.2. New classification scheme
          1. 21.9.2.1. Insertion
          2. 21.9.2.2. Substitution
          3. 21.9.2.3. Generation
        3. 21.9.3. Color tables
      10. 21.10. Products That Implement Steganography
        1. 21.10.1. S-Tools
        2. 21.10.2. Hide and Seek
        3. 21.10.3. Jsteg
        4. 21.10.4. EZ-Stego
        5. 21.10.5. Image Hide
        6. 21.10.6. Digital Picture Envelope
        7. 21.10.7. Camouflage
        8. 21.10.8. Gif Shuffle
        9. 21.10.9. Spam Mimic
      11. 21.11. Steganography Versus Digital Watermarking
        1. 21.11.1. What is digital watermarking?
        2. 21.11.2. Why do we need digital watermarking?
        3. 21.11.3. Properties of digital watermarking
      12. 21.12. Types of Digital Watermarking
        1. 21.12.1. Invisible watermarking
        2. 21.12.2. Visible watermarking
      13. 21.13. Goals of Digital Watermarking
      14. 21.14. Digital Watermarking and Stego
        1. 21.14.1. Uses of digital watermarking
        2. 21.14.2. Removing digital watermarks
      15. 21.15. Summary
    3. 22. Applications of Secure/Covert Communication
      1. 22.1. E-mail
        1. 22.1.1. POP/IMAP protocols
        2. 22.1.2. Pretty Good Privacy
        3. 22.1.3. Kerberos
      2. 22.2. Authentication Servers
      3. 22.3. Working Model
      4. 22.4. Public Key Infrastructure
        1. 22.4.1. Public and private keys
          1. 22.4.1.1. Confidentiality
          2. 22.4.1.2. Digital signature
          3. 22.4.1.3. Non-repudiation
        2. 22.4.2. Key management
        3. 22.4.3. Web of trust
      5. 22.5. Virtual Private Networks
        1. 22.5.1. Design issues
        2. 22.5.2. IPSec-based VPN
        3. 22.5.3. IPSec header modes
          1. 22.5.3.1. Authentication Header
          2. 22.5.3.2. Encapsulating Security Payload
        4. 22.5.4. PPTP/PPP-based VPNs
        5. 22.5.5. Secure Shell
      6. 22.6. Secure Sockets Layer/Transport Layer Security
      7. 22.7. SSL Handshake
      8. 22.8. Summary
  12. VI. The Security Threat and Response
    1. 23. Intrusion Detection and Response
      1. 23.1. Intrusion Detection Mechanisms
        1. 23.1.1. Antivirus approaches
          1. 23.1.1.1. Virus scanners
          2. 23.1.1.2. Virus prevention
        2. 23.1.2. Intrusion detection and response
          1. 23.1.2.1. Network-based IDSs
          2. 23.1.2.2. Host-based IDSs
          3. 23.1.2.3. Signature-based IDSs
          4. 23.1.2.4. Statistical anomaly-based IDSs
        3. 23.1.3. IDS issues
      2. 23.2. Honeypots
        1. 23.2.1. Purposes
          1. 23.2.1.1. Preventing attacks
          2. 23.2.1.2. Detecting attacks
          3. 23.2.1.3. Responding to attacks
        2. 23.2.2. Honeypot categories
          1. 23.2.2.1. Low-interaction honeypots
          2. 23.2.2.2. High-interaction honeypot
        3. 23.2.3. When to use a honeypot
        4. 23.2.4. When not to use a honeypot
        5. 23.2.5. Current solutions
          1. 23.2.5.1. Honeyd
          2. 23.2.5.2. Honeynet Project
      3. 23.3. Incident Handling
        1. 23.3.1. CERT/CC practices
          1. 23.3.1.1. Establishing response policies and procedures
          2. 23.3.1.2. Preparing to respond to intrusions
          3. 23.3.1.3. Analyzing all available information
          4. 23.3.1.4. Communicating with all parties
          5. 23.3.1.5. Collecting and protecting information
          6. 23.3.1.6. Applying short-term containment solutions
          7. 23.3.1.7. Eliminating all means of intruder access
          8. 23.3.1.8. Returning systems to normal operation
          9. 23.3.1.9. Identifying and implementing security lessons learned
        2. 23.3.2. Internet Engineering Task Force guidance
        3. 23.3.3. Layered security and IDS
        4. 23.3.4. Computer Security and Incident Response Teams
          1. 23.3.4.1. CERT/CC
          2. 23.3.4.2. FedCIRC
          3. 23.3.4.3. FIRST
        5. 23.3.5. Security incident notification process
        6. 23.3.6. Automated notice and recovery mechanisms
      4. 23.4. Summary
    2. 24. Digital Forensics
      1. 24.1. Computer Forensics Defined
      2. 24.2. Traditional Computer Forensics
        1. 24.2.1. Evidence collection
        2. 24.2.2. Chain of evidence/custody
        3. 24.2.3. Acquisitions
          1. 24.2.3.1. Mirror image
          2. 24.2.3.2. Forensic duplication
          3. 24.2.3.3. Live acquisition
          4. 24.2.3.4. Acquisition storage media
          5. 24.2.3.5. Volatile information
          6. 24.2.3.6. Analysis
          7. 24.2.3.7. Limited examination
          8. 24.2.3.8. Partial examination
          9. 24.2.3.9. Full examination
          10. 24.2.3.10. Documentation
          11. 24.2.3.11. Evidence retention
          12. 24.2.3.12. Legal closure
          13. 24.2.3.13. Civil
          14. 24.2.3.14. Criminal
      3. 24.3. Proactive Forensics
        1. 24.3.1. Methods of proactive forensics
        2. 24.3.2. An ideal proactive forensics system
      4. 24.4. Future Research Areas
      5. 24.5. The Forensic Life Cycle
      6. 24.6. Summary
    3. 25. Security Assessments, Testing, and Evaluation
      1. 25.1. Information Assurance Approaches and Methodologies
        1. 25.1.1. The Systems Security Engineering Capability Maturity Model
        2. 25.1.2. NSA Infosec Assessment Methodology
        3. 25.1.3. Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)
        4. 25.1.4. Federal Information Technology Security Assessment Framework
      2. 25.2. Certification and Accreditation
        1. 25.2.1. NIACAP
          1. 25.2.1.1. The Four Phases of NIACAP
          2. 25.2.1.2. Roles of NIACAP
        2. 25.2.2. DITSCAP
          1. 25.2.2.1. The four phases of DITSCAP
          2. 25.2.2.2. Roles of DITSCAP
      3. 25.3. DIACAP
        1. 25.3.1.
          1. 25.3.1.1. The five phases of DIACAP
          2. 25.3.1.2. DIACAP challenges
        2. 25.3.2. Comparison and inclusion of other vehicles
      4. 25.4. Federal Information Processing Standard 102
      5. 25.5. OMB Circular A-130
      6. 25.6. The National Institute of Standards and Technology Assessment Guidelines
        1. 25.6.1. SP 800-14
        2. 25.6.2. SP 800-27
        3. 25.6.3. SP 800-30
          1. 25.6.3.1. Risk Assessment
          2. 25.6.3.2. Risk mitigation
          3. 25.6.3.3. Evaluation and assessment
          4. 25.6.3.4. Residual risk
        4. 25.6.4. SP 800-64
      7. 25.7. Penetration Testing
        1. 25.7.1. Internal penetration test
        2. 25.7.2. External penetration test
        3. 25.7.3. Full knowledge test (white-box test)
        4. 25.7.4. Partial knowledge test (gray-box test)
        5. 25.7.5. Zero knowledge test (black-box test)
        6. 25.7.6. Closed-box test
        7. 25.7.7. Open-box test
      8. 25.8. Auditing and Monitoring
        1. 25.8.1. Auditing
          1. 25.8.1.1. Standards
          2. 25.8.1.2. The audit process
        2. 25.8.2. Monitoring
      9. 25.9. Summary
  13. VII. Integrated Cyber Security
    1. 26. Validating Your Security
      1. 26.1. Overview
        1. 26.1.1. Penetration test
        2. 26.1.2. Security assessment
      2. 26.2. Current State of Penetration Testing
        1. 26.2.1. Current penetration testing flow
        2. 26.2.2. Automated vulnerability scanners vs. manual penetration testing
      3. 26.3. Formal Penetration Testing Methodology
        1. 26.3.1. Pre-attack phase
          1. 26.3.1.1. Defining scope of assessment
          2. 26.3.1.2. Discovery/information gathering
          3. 26.3.1.3. Enumeration/scanning
          4. 26.3.1.4. Vulnerability mapping
        2. 26.3.2. Attack phase
          1. 26.3.2.1. Gaining access
          2. 26.3.2.2. Escalating privileges
          3. 26.3.2.3. Repeating steps
        3. 26.3.3. Post-attack phase
          1. 26.3.3.1. Restoring compromised systems
          2. 26.3.3.2. Analyzing results
          3. 26.3.3.3. Compiling data into comprehensive report
      4. 26.4. Steps to Exploiting a System
        1. 26.4.1. Passive reconnaissance
        2. 26.4.2. Active reconnaissance
        3. 26.4.3. Exploiting the system
          1. 26.4.3.1. Gaining access
            1. 26.4.3.1.1. Operating system attacks
            2. 26.4.3.1.2. Application-level attacks
            3. 26.4.3.1.3. Scripts and sample program attacks
            4. 26.4.3.1.4. Misconfiguration attacks
          2. 26.4.3.2. Elevating privileges
          3. 26.4.3.3. Denial of service
        4. 26.4.4. Uploading programs
        5. 26.4.5. Keeping access: Back doors and Trojans
        6. 26.4.6. Covering one's tracks
      5. 26.5. Summary
    2. 27. Data Protection
      1. 27.1.
        1. 27.1.1. Identifying and classifying sensitive data
        2. 27.1.2. Creating a data usage policy
        3. 27.1.3. Controlling access
        4. 27.1.4. Using encryption
        5. 27.1.5. Hardening endpoints and network infrastructure
        6. 27.1.6. Physically securing the work environment
        7. 27.1.7. Backing up data
        8. 27.1.8. Improving education and awareness
        9. 27.1.9. Enforcing compliance
        10. 27.1.10. Validating processes
      2. 27.2. Endpoint Security
        1. 27.2.1. Hardening the OS baseline
          1. 27.2.1.1. Windows
          2. 27.2.1.2. Linux
        2. 27.2.2. Patch management
        3. 27.2.3. Automated tools
          1. 27.2.3.1. Antivirus
          2. 27.2.3.2. Personal firewall
          3. 27.2.3.3. Host IDS/IPS
          4. 27.2.3.4. Anti-spyware/adware tools
          5. 27.2.3.5. Centralized security management console
        4. 27.2.4. Client access controls
        5. 27.2.5. Physical security
        6. 27.2.6. Vulnerability assessments
        7. 27.2.7. Endpoint policy management/enforcement
          1. 27.2.7.1. User education
          2. 27.2.7.2. Remote access
          3. 27.2.7.3. Virtual machines
          4. 27.2.7.4. NAC
      3. 27.3. Insider Threats and Data Protection
      4. 27.4. Summary
    3. 28. Putting Everything Together
      1. 28.1. Critical Problems Facing Organizations
        1. 28.1.1. How do I convince managers that security is a problem and that they should spend money on it?
        2. 28.1.2. How do I keep up with the increased number of attacks?
        3. 28.1.3. How do you make employees part of the solution and not part of the problem?
        4. 28.1.4. How do you analyze all the log data?
        5. 28.1.5. How do I keep up with all of the different systems across my enterprise and make sure they are all secure?
        6. 28.1.6. How do I know if i am a target of corporate espionage or some other threat?
        7. 28.1.7. Top 10 common mistakes
      2. 28.2. General Tips for Protecting a Site
        1. 28.2.1. Defense in Depth
        2. 28.2.2. Principle of least privilege
        3. 28.2.3. Know what is running on your system
        4. 28.2.4. Prevention is ideal, but detection is a must
        5. 28.2.5. Apply and test patches
        6. 28.2.6. Regular checks of systems
      3. 28.3. Security Best Practices
        1. 28.3.1. Create security policy statements
        2. 28.3.2. Create and update the network diagram
        3. 28.3.3. Place systems in appropriate areas
        4. 28.3.4. Protect internal servers from outbound communications
        5. 28.3.5. Assess the infrastructure
        6. 28.3.6. Protect the perimeter
        7. 28.3.7. Create a strong password policy
        8. 28.3.8. Create good passwords
        9. 28.3.9. Audit passwords
        10. 28.3.10. Use strong authentication
        11. 28.3.11. Remove service accounts
        12. 28.3.12. Create a patching policy
        13. 28.3.13. Perform regular vulnerability assessments
        14. 28.3.14. Enable logging
        15. 28.3.15. Review logs
        16. 28.3.16. Use multiple detection methods
        17. 28.3.17. Monitor outgoing communications
        18. 28.3.18. Perform content inspection
        19. 28.3.19. Control and monitor remote access
        20. 28.3.20. Use defense in depth
        21. 28.3.21. Secure communications
        22. 28.3.22. Back up frequently and regularly
        23. 28.3.23. Protect sensitive information
        24. 28.3.24. Create and test a disaster recovery plan
        25. 28.3.25. Control and monitor the physical space
        26. 28.3.26. Educate users
        27. 28.3.27. Don't forget about the code
        28. 28.3.28. Secure UNIX systems
        29. 28.3.29. Install only essential services
        30. 28.3.30. Deploy single-use servers
        31. 28.3.31. Perform configuration management
        32. 28.3.32. Use firewalls and IDS beyond the perimeter
        33. 28.3.33. Question trust relationships
        34. 28.3.34. Use antivirus software
        35. 28.3.35. Protect system accounts
        36. 28.3.36. Name servers securely
      4. 28.4. Summary
    4. 29. The Future
      1. 29.1. Approaching the Problem
        1. 29.1.1. Organizational approach
        2. 29.1.2. Maintaining a solid cyber-security stance
      2. 29.2. Mission Resilience
        1. 29.2.1. Risk
        2. 29.2.2. Threats
          1. 29.2.2.1. Confidentiality
          2. 29.2.2.2. Integrity
          3. 29.2.2.3. Availability
        3. 29.2.3. Vulnerabilities
        4. 29.2.4. Probability
        5. 29.2.5. Impact
        6. 29.2.6. Countermeasures
        7. 29.2.7. Risk analysis
          1. 29.2.7.1. Qualitative
          2. 29.2.7.2. Quantitative
          3. 29.2.7.3. Presenting your results
      3. 29.3. Limiting Failure Points
        1. 29.3.1. Increasing redundancy
        2. 29.3.2. Controlling and limiting access
      4. 29.4. Summary